Commit Graph

  • 0710fad92d Update EDRSandblast_API.c - MiniFilter Callbacks not restored master Rafael Scheel 2024-06-23 21:30:01 +02:00
  • c0ae62ac1d Completed the README about download links and updated the Usage part Maxime Meignan 2024-01-28 16:00:26 +01:00
  • 8579e92a0a Update reference to vulnerable driver maxbeckmann 2024-01-16 11:23:32 +01:00
  • 80bcc61db8 Merge pull request #27 from nuts7/SentinelOneEdrBinaryTypo Maxime Meignan 2024-01-28 14:39:42 +01:00
  • 2bfa327afb Merge pull request #26 from laxa/master Maxime Meignan 2024-01-28 14:37:41 +01:00
  • 2f80104a3d Fix typo SentinelOne EDR binary nuts7 2024-01-24 16:50:03 +01:00
  • ea245f7642 Fix current build laxa 2024-01-16 16:41:28 +01:00
  • 0e2b725590 Various fixes (TCHAR/WCHAR confusions & handle leaks) Maxime Meignan 2023-11-23 17:14:42 +01:00
  • ea27242fa2 SandMiniDumpWriteDump: changed SetPrivilege location for reliable process listing Maxime Meignan 2023-11-03 19:30:02 +01:00
  • 794dd9c254 CLI: bugfix: the output path was too small to be overwritten Maxime Meignan 2023-11-03 19:27:44 +01:00
  • 77953c60bd fix syscall dump method, enable sedebugprivilege NK 2023-11-02 22:38:10 -05:00
  • fa8f55ad83 Fix lsass pid retrieval nikaiw 2023-11-02 22:04:24 -05:00
  • 2cf0c0a54f Merge pull request #22 from wavestone-cdt/minifilters Maxime Meignan 2023-11-29 14:37:53 +01:00
  • 6a78be1532 Thanking 0mWindyBug on the README Maxime Meignan 2023-11-28 23:39:44 +01:00
  • 3ee6780751 add documentation for minifilter-related functions Maxime Meignan 2023-11-28 22:39:36 +01:00
  • 396e6edbf4 Provide a high-level description of the minifilter bypass in the README Maxime Meignan 2023-11-28 22:37:35 +01:00
  • e567c488ff [new feature] Implements EDR minifilter callbacks detection and removal Maxime Meignan 2023-11-29 14:32:35 +01:00
  • 1b1919ba8a Introduced the info about atomic/non-atomic write primitives Maxime Meignan 2023-11-29 14:30:07 +01:00
  • eeefd835fe Refactored the extraction script for easier integration of new images/symbols Maxime Meignan 2023-11-29 14:28:17 +01:00
  • 4c2449cfd4 Changed the way found callbacks are stored (removed the size limit) Maxime Meignan 2023-11-29 14:25:39 +01:00
  • 5bfd633022 Various cosmetic changes Maxime Meignan 2023-11-29 00:03:46 +01:00
  • 5e1d1daf6d Updating the "thanks" section Maxime Meignan 2023-11-03 16:32:30 +01:00
  • eadbeaaad0 Added directions when the vulnerable driver does not unload correctly Maxime Meignan 2023-11-03 16:23:17 +01:00
  • 3c3cc307ce Userland hooks: ignore api-ms-* DLLs Maxime Meignan 2023-11-03 16:17:59 +01:00
  • bf749f54c7 PE parser: added a feature to parse a PE directly from kernel memory Maxime Meignan 2023-11-03 16:13:13 +01:00
  • b7b17f8b51 visual studio configuration changes Maxime Meignan 2023-11-03 16:11:39 +01:00
  • 4fde66c86d cosmetic changes Maxime Meignan 2023-11-03 16:10:40 +01:00
  • b1321850c1 ExtractOffsets.py: detect invalid PDB Maxime Meignan 2023-11-03 15:06:34 +01:00
  • 43b159e2b1 ExtractOffsets.py: handle new offsets & duplicate PEs on MS servers Maxime Meignan 2023-11-03 15:05:54 +01:00
  • f15471d12c DSE bypass: implemented "callback swapping" method Maxime Meignan 2023-11-03 14:38:01 +01:00
  • 15c3b706f1 various cosmetic changes to please the code analyzer Maxime Meignan 2022-09-23 17:50:52 +02:00
  • 09dc67bc65 v1.0 of the pypdb parser: completely removed the radare2 dependency Maxime Meignan 2023-10-27 16:21:45 +02:00
  • d38b84d179 starting removing the PE parsing in ExtractOffsets.py to get rid of r2 Maxime Meignan 2023-10-27 16:18:42 +02:00
  • aa408ced60 tweaking configuration files Maxime Meignan 2022-09-23 17:43:10 +02:00
  • 4d2789b21b added a PE_find_static_relative_reference function (not used yet) Maxime Meignan 2022-08-22 17:22:46 +02:00
  • 1e8713cfb5 removed useless macros Maxime Meignan 2023-10-11 11:13:37 +02:00
  • f1fc3a8d04 Update README.md (thanking v1k1ngfr) Maxime Meignan 2023-10-10 17:39:50 +02:00
  • 02490ec4ca Merge pull request #17 from nuts7/new-edr-drivers Maxime Meignan 2023-10-10 16:18:42 +02:00
  • 4d414edb77 Implements a check on PDB files to avoid using an invalid one and crashing the machine Maxime Meignan 2022-08-23 19:59:47 +02:00
  • 482ab84a11 CLI: adding a small todo regarding DSE bypass Maxime Meignan 2023-10-10 14:46:21 +02:00
  • c9ee91eaa8 CLI: added the correct flags for DSE bypass Maxime Meignan 2023-10-10 14:36:31 +02:00
  • 7590a11389 CiOptions: Simplifies the way CI.dll base address is recovered Maxime Meignan 2023-10-09 16:29:19 +02:00
  • 0a817fea93 g_CiOptions patching: fixed a crash Maxime Meignan 2023-10-09 14:59:10 +02:00
  • 0b0086ea92 cosmetic changes & compiler warnings fixes Maxime Meignan 2023-10-09 14:57:49 +02:00
  • 43cea1f08b small cleanup in header files Maxime Meignan 2023-10-06 16:12:52 +02:00
  • 7be844b518 Add feature: loading unsigned driver v1k1ngfr 2022-12-25 01:07:15 +01:00
  • 0bbe76aab1 New BYOVD-driver support: GDRV.sys (GigaByte) v1k1ngfr 2022-12-25 01:07:15 +01:00
  • 9939301140 ExtractOffsets.py: added safety check in version number recovery Maxime Meignan 2023-10-06 09:46:20 +02:00
  • a49f69b122 ExtractOffsets.py: adds an optional control on number of threads Maxime Meignan 2023-10-05 18:01:19 +02:00
  • e479bef8f5 Merge pull request #14 from v1k1ngfr/g_CiOptionExtract Maxime Meignan 2023-10-06 10:33:17 +02:00
  • 5f82ba2efe ExtractOffsets.py: minor syntactic, cosmetic and safety changes Maxime Meignan 2023-10-06 10:31:26 +02:00
  • 75b0168045 Merge branch 'master' into g_CiOptionExtract Maxime Meignan 2023-10-06 10:24:05 +02:00
  • a561976b5d Fix version parsing issue in offsets extractor laxa 2022-12-01 18:43:40 +01:00
  • 45d3ff5486 Fix concurrency issues in offsets extractor laxa 2022-12-01 18:43:40 +01:00
  • 3ed5638366 New EDR drivers nuts7 2023-09-22 16:14:11 +02:00
  • bafddfbced Fixed a radare2 version parsing error in extractoffsets.py Maxime Meignan 2023-04-17 16:03:06 +02:00
  • 7572f09ae3 [Bugfix] _fputts did not add a LF Maxime Meignan 2023-03-16 16:41:29 +01:00
  • a3966d34b3 Update CiOffsets.csv Viking 2022-12-28 17:08:06 +01:00
  • 919ec7dea1 Add CiOffsets.csv Viking 2022-12-11 11:02:21 +01:00
  • 5f2734a888 Add g_CiOptions offset extract "feature" Viking 2022-11-27 18:42:15 +01:00
  • f760cd20bf Remove possibility of crash when giving a malformed CSV Maxime Meignan 2022-11-15 16:38:40 +01:00
  • fe4ab633da Ensure retrocompatibility with Windows XP->Windows 7 Maxime Meignan 2022-11-15 16:05:05 +01:00
  • 5ac077e81f Change compilation options to fix Debug build profile Maxime Meignan 2022-11-15 16:03:46 +01:00
  • f1a4d1c38c Fixes a relative/absolute driver path problem with service registering Maxime Meignan 2022-11-07 16:25:03 +01:00
  • 1dab1efdd6 Changed enum names in API Maxime Meignan 2022-08-13 09:00:40 -07:00
  • 49fbc5d924 Updated README with ObRegisterCallbacks and offsets retrieval info Maxime Meignan 2022-08-19 22:17:23 +02:00
  • 2d20457805 Add slides from the DefCon30 Demolab DefCon30Release Qazeer 2022-08-18 01:23:02 -05:00
  • 48a75a7029 D3FC0N 30 release: Obj callbacks, firewalling, symbols w/ internet, and more Qazeer 2022-08-13 09:23:48 -07:00
  • 2e037a379b Merge pull request #8 from xalicex/master Maxime Meignan 2022-06-17 18:26:24 +02:00
  • 0109de4937 add new Tehtris driver Alice 2022-06-15 11:36:31 +02:00
  • 487047f9db clarifies some parts of the README Maxime Meignan 2022-01-27 14:20:06 +01:00
  • e8671c36b7 Fixes a few typos in README & "usage" message Maxime Meignan 2022-01-27 11:37:20 +01:00
  • 31df6f1db8 Fixes an error in CLI handling Maxime Meignan 2022-01-27 10:57:22 +01:00
  • 744754ae04 Fixes typos in ExtractOffsets script Qazeer 2022-01-17 23:51:05 +01:00
  • d29986ab80 Improved error verbosity Maxime Meignan 2022-01-17 17:13:47 +01:00
  • c058ff312a [Offsets] adds new ntoskrnl offsets Qazeer 2022-01-07 12:29:08 +01:00
  • cd0d983525 Update README.md Maxime Meignan 2022-01-07 10:02:29 +01:00
  • fa75dd9ec1 Header inclusion feng-shui (each file only includes what it needs) Maxime Meignan 2021-12-31 17:29:14 +01:00
  • 4ae1872ae9 userland hooking audit: add an option to load arbitrary DLL before auditing Maxime Meignan 2021-12-31 15:50:16 +01:00
  • 3c81bd4f26 execute userland hook removal before kerneland tampering activity Maxime Meignan 2021-12-31 10:02:05 +01:00
  • d676ff82f5 Added some safety check in hook resolving code Maxime Meignan 2021-12-08 18:22:33 +01:00
  • 7587511330 Merge pull request #2 from JohnLaTwC/patch-1 Maxime Meignan 2021-12-08 18:18:19 +01:00
  • 7c6eb8173d Update CredGuard.c John Lambert 2021-12-08 08:26:18 -08:00
  • 2072b71d05 Fix potential buffer overrun in credguard disable John Lambert 2021-12-08 07:15:06 -08:00
  • f3147ecb8a Merge pull request #1 from zeronounours/master Qazeer 2021-12-08 14:52:44 +01:00
  • 10c04a9174 Rather use r2 to get file version than pefile zeroNounours 2021-12-08 13:55:16 +01:00
  • 82704114b3 Make ExtractOffsets.py compatible with Linux zeroNounours 2021-12-08 13:43:29 +01:00
  • ab6188aece Removed a typo in README.md Maxime Meignan 2021-12-08 10:54:51 +01:00
  • 894f58377b [Offsets] adds new ntoskrnl & wdigest offsets Qazeer 2021-12-07 15:49:28 +01:00
  • 3c17e09d50 Update README.md with detections insights Maxime Meignan 2021-12-02 13:47:05 +01:00
  • 907d6b0a87 Cleaning up some code Maxime Meignan 2021-11-10 16:19:41 +01:00
  • 9957b7a38e Adds randomization of service name Qazeer 2021-11-10 01:12:48 +01:00
  • 4bff81986b Initial commit for public version Maxime Meignan 2021-11-08 09:54:05 +01:00